Temp Password - Max Expire Time - Permission

[whisper-er]

Similarly to how there is the i_client_ban_max_bantime, I propose that there be a permission limiting the maximum expire time a temporary password will be valid for. I don't want all of my users to be able to create passwords that are valid for 999 days, so it would really be nice to be able to control this aspect of the temporary password management.

Thank you for your time. (Anyone else like this idea too?)

[SilentStorm]

I can see this coming in handy, so yeah it'd would be a nice thing to have.

[dante696]

The idea isn't that bad, but i see a conflict here.

Why should you tell a user, you are allowed to set a password for 1 day only, but that user can recreate the same password again, when the old password isn't usable anymore?

it's the same with the request for a "file size limit". whats stops the user, to split his files into an rar file?

[SilentStorm]

The idea isn't that bad, but i see a conflict here.

Why should you tell a user, you are allowed to set a password for 1 day only, but that user can recreate the same password again, when the old password isn't usable anymore?

it's the same with the request for a "file size limit". whats stops the user, to split his files into an rar file?

Valid Points, but personally I really don't see a point in having a temporary Password being valid for 2.74 years. Most I can think of would be Trial Members which usually is two weeks or a month tops. But even for that I'd prolly just use a servergroup.
In any case being able to limit it to some reasonable value would be nice. Temporary Passwords were never intended to be used as a replacement to the main server password anyway but I remember some discussion about this when they were introduced and after that it got raised to the current value, don't remember the reasons or the need that someone had but it doesn't really matter.

Offtopic:
As for what stops a User splitting to rar files: Global Filesize Limit would :P Sorry, couldn't resist . No need to answer I know it got rejected multiple times.

[whisper-er]

The idea isn't that bad, but i see a conflict here.

Why should you tell a user, you are allowed to set a password for 1 day only, but that user can recreate the same password again, when the old password isn't usable anymore?

it's the same with the request for a "file size limit". whats stops the user, to split his files into an rar file?

Thank you for your comment.

I'd echo SilentStorm's comments, as well as try to say it another way:

Limiting the validity period causes the user to do more work if they want to keep it valid. In your example they just recreate the password again when the old password is no longer usable.
This, to me, is the same line of reasoning used with the Security Level and Identities. Users can continue to create identities with high security levels to get around a ban, but the higher the level means more work is required, which is meant to be a deterrent for abuse.

So, that's what configuring the validity period on a temporary password would be: a deterrent

Thank you for your time.

[dante696]

The security level takes much (much much much) more time, than creating a new temporary password.

I create an eval ticket for this request, but the main idea behind 999 days was another request without any limitation.